The flaw realting to CVS, affects all versions of the software released before May 19 2004.
The heap overflow issue occurs because data from the users is not checked enough. The CVS Project and various vendors have already posted advisories and patches.
The Subversion issue is much easier to exploit, it is caused by an error in the way the code parses dates, which could allow remote code execution.
If you use CVS or Subversion, update or patch!
Post ID: 382, posted by jase at 03:52 PMThanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved before your comment will appear.)